ATTENTION: I haven’t updated this repository for quite a while and I’m not sure when I’ll get the time to again. Work is keeping me pretty busy and there is a new kid on the block with CodeQL, which pretty much makes this project obsolete because it does pretty much what TAINTalyzing set out to do but has more active support and development behind it (whereas TAINTalyzing was a one-man-job for a few months). I recommend you give CodeQL a try and see if you like it :)!
An easy to extend static code analysis framework.
Please see either the Dockerfile
, or Projekt/INSTALL.md
for instructions on how to install and
use the framework.
The framework uses static code analysis to try to find potentially user controlled inputs and potentially security critical functions and whether there is a connection between the two. It will then output its findings to make searching for vulnerabilities in your source codes easier.
One of the main intents of the framework is to be easily extensible, such that users can easily create new modules to allow additional programming languages to be supported as well as new rulesets to use with these modules.
Contains my master thesis and all the theoretical background for the framework (German only, sorry).
Important files:
.latexmkrc
: Used forlatexmk
to compile the source filesGenerate Print Versions.cmd
: Converts color images fromimg/Digital
to black and white images underimg/Druck
LaTeX-Watch-and-Build.cmd
: Generates tags file for Vim,latexmk
to compile source files,TeXLogAnalyser
to pretty print errors and warnings during the compilation,chktex
to check for common errors in LaTeX sources and LanguageTool to find grammatical mistakes. Results are also stored in subdirectorylogs
.Literatur.bib
: BibLaTeX file with sourcesWatch.cmd
: Useswatchexec
to watch for changes in the LaTeX sources, callsLaTeX-Watch-and-Build.cmd
with the changed files
Contains the presentation I gave to demonstrate the framework.
Important files:
.latexmkrc
: See aboveexample/*
: Example HTML report that I showcase in the presentationLaTeX-Watch-and-Build.cmd
: See abovevideo/cfiles.mkv
: Video demonstration of the framework in actionvideo/layout.txt
: Layout configuration for Windows command shell window (prompt was set withprompt $G
)Watch.cmd
: See above
The project files needed to run the framework.
Important files:
.flake8
: Configuration for Python code style checkerflake8
.pylintrc
: Configuration for Python code style checkerPylint
checkstyle.{cmd,sh}
: Check for Python style violationsINSTALL.md
: Installation and usage instructionsinstall.{cmd,sh}
: Automatic install scripts. If using 32 bit versions of Windows, you need to manually download GNUfile
Makefile
: Used to generate documentation withmake html
requirements.txt
: Prerequisites for the installation withPipenv
Pipfile.lock
: Used for installation withPipenv
Pipfile
: Used for installation withPipenv
conf.py
: Configuration file for the documentationcustom.js
,logo.png
, andstyle.css
: Keep those in the same directory as the HTML report, customize if you want tomodules/*/grammar.py
: Grammar used to parse a programming languagemodules/*/sinks/*.y{a,}ml
: Create rules for sinks and sanitizers heremodules/*/sources/*.y{a,}ml
: Create rules for sources heremodules/abstract_grammar.py
: When creating new grammars, use this as base classmodules/detection.txt
: Detection parameters for modulesrun.{cmd,sh}
: Run the frameworktestfiles/*
: Test files for unittestsunittest.{cmd,sh}
: Automatic unittests
To find rules for your vulnerability detection, you should search for the Security Development Lifecycle. For example see this article from Microsoft for examples of vulnerable functions in C and which alternatives to use.
Please note, that not all rules from these sites are incorporated and recommendations might differ. Please think for yourself, which recommendation you can and want to follow.